I could see this being useful to create a keystore management UI for
PicketLink IdPs and SPs, possibly providing a path to self-service in
some SP use cases?
-mike
On 06/18/2014 02:28 PM, Pedro Igor Silva wrote:
> Hi,
>
> We're looking to provide an API to easily enable key and certificate management for PicketLink-based applications.
>
> The idea is to turn a partition into a Certification Authority, responsible for issuing, validating, revoking and renewing certificates for the identity types (e.g. users, devices, etc.) associated with it.
>
> In the future, we also want to provide:
>
> - RESTful endpoints to perform not only certificate operations, but also manage keys, especially public keys. Probably using JSON Web Keys (JWK).
> - Better support for HTML5 and mobile applications that require some kind of support for certificates, asymmetric keys, signatures and encryption, especially when using JWT and JOSE.
> - Support for Java KeyStores to load and store keys.
>
> So far we did something like:
> CertificateConfig config = new DefaultCertificateConfig();
>
> // set config with signature algo, cert sign algo, default validity, bit length, etc.
>
> // create a CA based on an existing partition
> CertificateAuthority authority = new DefaultCertificateAuthority(partition, config);
>
> User user = // get user
>
> CertificateRequest certRequest = new DefaultCertificateRequest(user, config);
>
> // issue a cert for the user and sign it with the CA key
> X509Certificate userCert = authority.issue(certRequest);
> We're still working on it, but would like to check your feedback or opinions about requirements and use cases.
>
> Regards.
> Pedro Igor
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
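The issue / validate / revoke / renew cycle that Pedro sketches above, written out as an added example that is not PicketLink code and does not use the proposed PicketLink API: a hypothetical `PartitionCa` class (every name in it is an assumption) that holds one signing key per partition, signs leaf certificates for that partition's users with it, verifies presented certificates against the CA key, and keeps an in-memory revocation set in place of a CRL. It assumes Bouncy Castle (bcprov and bcpkix) on the classpath for the X.509 builders; everything else is JDK.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.TimeUnit;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

// Hypothetical "partition as a CA" sketch. Class and method names are assumptions,
// not PicketLink API; certificate building and signing use Bouncy Castle.
public class PartitionCaExample {

    static final String SIG_ALG = "SHA256withRSA";

    static class PartitionCa {
        private final String partition;
        private final X500Name issuer;
        private final KeyPair caKey;
        private final X509Certificate caCert;
        private final long validityDays;
        private final Set<BigInteger> revoked = new HashSet<>(); // stand-in for a CRL
        private BigInteger nextSerial = BigInteger.ONE;           // sequential here for readability; use random serials in a real CA

        PartitionCa(String partition, long validityDays) throws Exception {
            this.partition = partition;
            this.issuer = new X500Name("CN=" + partition + " CA");
            this.validityDays = validityDays;
            this.caKey = newRsaKey();
            this.caCert = build(issuer, caKey.getPublic(), true); // self-signed root, the only CA=true cert
        }

        /** Issue a leaf cert for a user of this partition, signed with the CA key. The CA never holds the user's private key. */
        X509Certificate issue(String username, PublicKey userKey) throws Exception {
            return build(new X500Name("CN=" + username + ",OU=" + partition), userKey, false);
        }

        /** Valid iff signed by this CA, inside its validity window, and not revoked. */
        boolean validate(X509Certificate cert) {
            try {
                cert.checkValidity();            // notBefore <= now <= notAfter
                cert.verify(caKey.getPublic());  // signature really made with our key
            } catch (Exception e) {
                return false;
            }
            return cert.getIssuerX500Principal().equals(caCert.getSubjectX500Principal())
                    && !revoked.contains(cert.getSerialNumber());
        }

        void revoke(X509Certificate cert) {
            revoked.add(cert.getSerialNumber());
        }

        /** Renew = re-issue for the same subject and public key under a new serial, then retire the old one. */
        X509Certificate renew(X509Certificate old) throws Exception {
            if (!validate(old)) {
                throw new IllegalArgumentException("only a currently valid cert can be renewed");
            }
            X500Name subject = X500Name.getInstance(old.getSubjectX500Principal().getEncoded());
            X509Certificate fresh = build(subject, old.getPublicKey(), false);
            revoke(old);
            return fresh;
        }

        private X509Certificate build(X500Name subject, PublicKey key, boolean isCa) throws Exception {
            Date notBefore = new Date();
            Date notAfter = new Date(notBefore.getTime() + TimeUnit.DAYS.toMillis(validityDays));
            BigInteger serial = nextSerial;
            nextSerial = nextSerial.add(BigInteger.ONE);
            X509v3CertificateBuilder b =
                    new JcaX509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, key);
            b.addExtension(Extension.basicConstraints, true, new BasicConstraints(isCa));
            int usage = isCa ? KeyUsage.keyCertSign | KeyUsage.cRLSign
                             : KeyUsage.digitalSignature | KeyUsage.keyEncipherment;
            b.addExtension(Extension.keyUsage, true, new KeyUsage(usage));
            ContentSigner signer = new JcaContentSignerBuilder(SIG_ALG).setProvider("BC").build(caKey.getPrivate());
            return new JcaX509CertificateConverter().setProvider("BC").getCertificate(b.build(signer));
        }
    }

    static KeyPair newRsaKey() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        return kpg.generateKeyPair();
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        PartitionCa ca = new PartitionCa("acme", 365);
        KeyPair alice = newRsaKey(); // the user's own key pair; only the public half reaches the CA
        X509Certificate cert = ca.issue("alice", alice.getPublic());
        System.out.println("issued " + cert.getSubjectX500Principal() + " valid=" + ca.validate(cert));
        X509Certificate renewed = ca.renew(cert);
        System.out.println("after renew: old valid=" + ca.validate(cert) + " new valid=" + ca.validate(renewed));
        ca.revoke(renewed);
        System.out.println("after revoke: new valid=" + ca.validate(renewed));
        // a cert issued by a different partition's CA fails the signature check in validate()
        PartitionCa other = new PartitionCa("other", 365);
        System.out.println("foreign cert valid=" + ca.validate(other.issue("alice", alice.getPublic())));
    }
}
```

Two design points worth carrying into a real API: the user's private key never passes through the CA (the request carries only the public key, as a CSR would), and renewal is modelled as a fresh issuance plus revocation of the old serial rather than an edit of the existing certificate, so the revocation list stays the single source of truth for what is still accepted.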